Online fight over spam becomes largest-ever Internet-snarling attack
Experts focus on a well-known web flaw that has allowed the problem to be greatly amplified, and could lead to worse attacks in the future.
By: [Kate Allen](http://www.thestar.com/authors.allen_kate.html) Science, Technology World, Published on Wed Mar 27 2013
After what some are calling the largest-ever Internet attack of its kind, experts are focusing on a well-known web flaw that allowed the problem to be vastly amplified, and could lead to much worse attacks in the future.
The Distributed Denial of Service attack — DDoS for short — began last week and was initially directed at [Spamhaus](http://www.spamhaus.org/organization/), a European-based spam-blocking organization. DDoS attacks work by directing so much junk traffic toward a site that legitimate users can’t get through.
But by early this week, that traffic had peaked at 300 Gigabits per second, enough to gum up the basic plumbing of the net and hamper unrelated web users worldwide.
The DDoS attack, which has abated in the past 24 hours, was perhaps the largest ever, and “certainly the largest that has ever been publicly announced,” said Matthew Prince, CEO and co-founder of CloudFlare, the company that was hired by Spamhaus to help [absorb the attack](http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet).
“At that point, it starts to affect the core routing of the Internet in certain places,” Prince said.
More importantly, Prince and others are calling attention to the flaw that attackers harnessed as a multiplier: open Domain Name System resolvers, a common piece of misconfigured software that hackers are increasingly using to [amplify these kinds of attacks](http://dns.measurement-factory.com/surveys/openresolvers.html). Open resolvers allow attackers to send a packet of data pretending to be from the attacked site and have servers around the world aim much, much more data back at the victim.
David Skillicorn, a school of computing professor at Queen’s University in Kingston, Ont., questions whether this is really the largest DDoS attack ever since so many go unreported. But he, like others, said the open resolver problem is a massive one.
“The Internet doesn’t have any police — there is no governing body that can enforce certain rules about making sure your system is configured properly,” Skillicorn said. “It’s designed to be open, so there are all these places that if you want to, you can exploit that openness.”
Prince added that 100,000 open resolvers on the Internet were used in this attack, but there are 21 million in total.
“The scary scenario is if all of those were pointed at core parts of infrastructure of the Internet — in that case you could actually threaten the functioning of the Internet,” said Prince (who, however, disagrees that the web has a governance problem).
DDoS attacks are common. To pick a few recent incidents, they were used to cripple Mastercard’s website on behalf of Wikileaks, to [disrupt e-voting at the NDP leadership convention last March](http://www.thestar.com/news/canada/2012/03/27/ndp_leadership_online_voting_company_blames_delays_on_orchestrated_attempt_to_thwart_democracy.html), and to knock a series of American banks offline last fall.
In the case of the banks, the DDoS attacks peaked at 30 to 80 Gigabits of traffic — a fraction of what the Spamhaus attack reportedly saw.
Spamhaus is a not-for-profit based in Geneva and London that maintains blacklists of alleged Internet spammers, databases used by many email providers and others to help filter out junk. While media outlets claimed that a particular web host blacklisted by Spamhaus was responsible for the attacks, that host has not taken responsibility.